DETAILED ACTION

Claims 1-43 have been considered. All claims are rejected. The examiner maintains both 
rejections. A response to the applicant's arguments regarding the Hughes rejection is presented below. 

Continued Examination Under 37 CFR 1.114

A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 
1.17(e), was filed in this application after final rejection. Since this application is eligible for continued 
examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the 
finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's 
submission filed on 8/29/05 has been entered.

Claim Rejections - 35 USC §112

The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention.

Claims 1-27 are rejected under 35 U.S.C. 112, second paragraph, as being indefinite for failing to 
particularly point out and distinctly claim the subject matter which applicant regards as the invention. In 
claim 1, the applicant refers to a received out-of-order message in part a and a received out-of-order
message in part b and then discloses "said received out-of-order message" in part d. It is unclear which 
message the applicant is referring to. Independent claims 10 and 19 have a similar reference problem. 
Appropriate correction is required. 

Claims 1-35 are rejected under 35 U.S.C. 112, second paragraph, as being indefinite for failing to
particularly point out and distinctly claim the subject matter which the applicant regards as the invention.
In claim 1, the applicant discloses "comparing said nonce value to an acceptance window" in part c. It is
unclear whether "said nonce value" refers to the nonce value of the message of part a or the nonce value
of the message of part b. Appropriate correction is required.

Claims 36-43 are rejected under 35 U.S.C. 112, second paragraph. Claim 36 recites the 
limitation "said largest sequence number yet seen". There is insufficient antecedent basis for this 
limitation in the claim. 

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for 
the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

Claims 1-43 are rejected under 35 U.S.C. 102(b) as being anticipated by Hughes
(Hughes, J. "Combined DES-CBC, HMAC and Replay Prevention Security Transform". IPsec Working 
Group. June 1996). 

As per claims 1-43, the applicant describes a method of processing messages comprising the 
following limitations which are met by Hughes: 

a) determining a largest nonce value yet seen from a nonce value of a received message (pages 
3-4 and 10-11); 

b) comparing a nonce value of a received message with said largest nonce value yet seen (pages 
3-4 and 10-11); 

c) comparing said nonce value to an acceptance window in response to said nonce value not 
exceeding said largest nonce value yet seen (pages 3-4 and 10-11); 

d) rejecting said received message in response to said nonce value falling outside said
acceptance window (pages 3-4 and 10-11). 

Hughes discloses the idea of a sliding acceptance window to allow a receiver to accept out-of- 
order nonce values while preventing replay attacks (pages 3-4). Appendix A (pages 10-11) illustrates the 
procedure. 

Claim Rejections - 35 USC §103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness
rejections set forth in this Office action:

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 1-43 are rejected under 35 U.S.C. 103(a) as being unpatentable over Schneier, U.S. 
Patent No. 5,970,143. 

As per claims 1, 10, and 19, the applicant describes a method of processing messages
comprising the following limitations which are met by Schneier: 

a) determining a largest nonce value yet seen from a nonce value of a received message (Col 16, 
lines 9-16); 

b) comparing a nonce value of a received message with a largest nonce value yet seen (Col 16, 
lines 9-16); 

c) comparing said nonce value to an acceptance window in response to said nonce value not 
exceeding said largest nonce value yet seen (Col 16, lines 17-32); 

d) rejecting said received message in response to said nonce value falling outside said 
acceptance window (Col 16, lines 17-32); 

Schneier discloses all the limitations of the above claim. However, Schneier discloses limitations
a and b in one embodiment where sequence numbers are checked and limitations c and d in a second 
embodiment where a timestamp is checked to make sure the message is within an acceptable time 
window. 

Combining the two embodiments would mean that a message is first checked against the stored
largest nonce value yet seen to make sure the newly-received sequence number is one larger. If the
newly-received sequence number is one larger it can be accepted as fresh. If the newly-received
sequence number does not exceed the largest nonce value yet seen, it is then checked against an
acceptance window by the timestamping operation and rejected if it fails this test.

It would have been obvious to one of ordinary skill in the art at the time the invention was filed to
combine the two embodiments together because doing so allows old messages which are valid to be
allowed if they are within a certain time window. This makes the system more robust because it is now
able to allow out-of-order messages received within a certain time window.

As per claim 28, the applicant describes a system for processing messages in a peer-to-peer
configuration comprising the following limitations:

a) a first peer configured to provide secure communication (14 of Fig 2); 

b) a second peer configured to provide said secure communication (12 of Fig 2); 

c) a secure communication module configured to be executed by said first peer and second peer, 
wherein said secure communication module is configured to:

i) determine a largest nonce value yet seen from a nonce value of a received message 
(Col 16, lines 9-16); 

ii) compare said nonce value to a filter in response to a nonce value of a received packet 
not exceeding a largest nonce value yet seen (Col 16, lines 24-32); 

iii) compare said nonce value to a replay mask (Col 16, lines 24-32);

iv) accept said received packet in response to said comparison of said nonce value and 
said replay mask being false (Col 16, lines 24-32); 

The filter is the acceptance window and is comprised of a time limit of acceptance and unexpired
messages within that time limit of acceptance which are replay masks to prevent the same nonce from
being sent twice. If the nonce is not the largest nonce value yet seen and the time associated with the
nonce is within a certain acceptable time limit, it is compared to unexpired messages within the time limit
and accepted if the nonce value is not equal to a replay mask value already received.

As per claim 36, the applicant describes an interceptor device for processing messages 
comprising the following limitations: 

a) a network interface (20 of Fig 2; Col 11, lines 56-58);

b) an expected sequence register configured to enumerate an expected sequence number of a
packet received from a second network device (Col 16, lines 9-16);

c) a memory configured to store a replay mask (Col 16, lines 24-32); 

d) a controller, wherein said controller is configured to: 

i) determine a largest nonce value yet seen from a nonce value of a received message 
(Col 16, lines 9-16);

ii) compare said nonce value to a filter in response to a sequence number of a received 
packet via said network interface does not exceed a largest sequence number yet seen retrieved 
from said expected sequence register (Col 16, lines 24-32); 

iii) compare said sequence number to said replay mask retrieved from said memory (Col
16, lines 24-32);

iv) accept said received packet in response to said comparison of said sequence number 
and said replay mask is false (Col 16, lines 24-32); 



As per claims 2,3,11,13,20,21,29, and 37, the applicant discloses the method of claims 
1,10,19,28, and 36, which are met by Schneier (see above), further comprising the following limitation 
which is also met by Schneier: 

Designating said nonce value as a nonce value seen in response to said nonce value exceeding
said largest nonce value yet seen (Col 16, lines 9-16); 

As disclosed by Schneier, "The central computer stores the most recent sequence number in 
memory" (Col 16, lines 13-14). 

As per claims 4,12,22,30, and 38, the applicant discloses the method of claims 1,10,19,28, and 
36, which are met by Schneier (see above), further comprising the following limitation which is also met 
by Schneier: 

Adjusting an acceptance window based on said nonce value in response to said nonce value 
exceeding said largest nonce value yet seen (Col 16, lines 24-32);

The acceptance window is a log of nonces which have been received within a prescribed amount 
of time. The acceptance window is used to determine a replay attack through two methods: 1) if the 
nonce received has a time earlier than the acceptance window allows and 2) if the nonce received has 
already been received and is stored in the acceptance window. 

If the nonce received has a value exceeding the largest nonce value yet seen and is accepted as
a valid nonce, it is stored in the database of nonces received. The acceptance window is adjusted
because the acceptance window will no longer allow the nonce that has just been placed in it.

As per claims 5,7,14,16,23,25,32,34,40, and 42, the applicant describes the method of claim 
1,6,10,16,19,24,28,33,36, and 41, which are met by Schneier (see above), with the following limitation
which is also met by Schneier: 

Designating said received message as a replay attack (Col 16, lines 17-32);

If the acceptance window determines that a message either 1) has a time earlier than the
acceptance window allows or 2) has a nonce which has already been received and stored in the
acceptance window, the message is determined to not be fresh. If a message is not fresh, it is a replay
attack.

As per claims 6,8,15,17,24,26,33, and 41, the applicant describes the method of claims
1,10,19,28, and 36, which are met by Schneier (see above), with the following limitation which is also met 
by Schneier: 

a) comparing said nonce value to a window mask value in response to said nonce value falling 
within said acceptance window (Col 16, lines 24-32);

b) rejecting said received message in response to an outcome of said comparison of said nonce 
value to said window mask value being true (Col 16, lines 24-32); 

If the nonce value has a time which falls within the acceptance window, it is compared to window 
mask values to determine if the nonce has already been used. If the nonce value has already been used, 
the message is rejected. If the nonce has not already been used, the message is accepted.

As per claims 9,18, and 27, the applicant describes the method of claims 8,17, and 26, which are 
met by Schneier (see above), with the following limitation which is also met by Schneier: 

Designating said nonce value as a nonce value seen (Col 16, lines 24-32);

As disclosed by Schneier, "The central computer maintains a database of all random numbers
received from the game computers" (Col 16, lines 26-27).



As per claims 31 and 39, the applicant describes the system according to claims 28 and 36, 
which are met by Schneier (see above), with the following limitation which is also met by Schneier: 

Wherein said secure communication module is further configured to reject said received packet in
response to said nonce value falling outside said filter (Col 16, lines 17-32);

The nonce value falls outside a filter and is rejected as a replay attack if the nonce's associated 
time is prior to the acceptable time of the filter. 



As per claims 35 and 43, the applicant describes the system according to claims 28 and 36, 
which are met by Schneier (see above), with the following limitation which is also met by Schneier: 

Wherein said secure communication module is further configured to reject said received packet in
response to said nonce value fails to fall within said filter and said secure communication module is 
further configured to designate said received packet as part of a replay attack (Col 16, lines 17-32). 

Response to Arguments 

Applicant's arguments, see Remarks filed 8/29/05, with respect to the rejection of claim 1 under 
Hughes have been fully considered but are not persuasive. The applicant argues that Hughes does not 
teach the amended limitations. More specifically, the applicant argues that Hughes does not teach 
determining a largest nonce value from a nonce value of an out-of-order received message. The 
examiner disagrees. 

Hughes discloses that replay attack may be prevented by employing a simple count test or by 
allowing out-of-order packets to be received (page 3). Hughes further discloses the method for receiving 
out-of-order packets in Appendix A on page 10, and the examiner has provided line numbering for the 
applicant's convenience. Hughes discloses that a nonce value (seq) of a message, which may be out-of- 
order, is compared with a largest nonce value yet seen (lastseq) in line 2 of page 10. If the nonce value
(seq) is larger than a largest nonce value yet seen, the method proceeds with lines 2-9. For example, if
"seq" is 80 and "lastseq" is 60, the method proceeds with lines 2-9. In line 7, the larger nonce value
becomes a largest nonce value yet seen. In the example above, for example, "lastseq" would now 
become 80. Thus, Hughes discloses determining a largest nonce value yet seen from a nonce value of 
an out-of-order received message. 
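
The sliding acceptance window discussed above can be sketched as follows. This is an added example, not the code of Hughes Appendix A or of the application; the names seq and lastseq follow the discussion above, while the 32-entry window, the bitmask used as the replay mask, the verdict names and the sample trace are assumptions, and sequence-number wraparound is not handled.

```c
#include <stdint.h>
#include <stdio.h>

#define WINDOW 32u                 /* assumed window size, not taken from the page */

enum verdict { ACCEPT = 0, REJECT_OLD = 1, REJECT_REPLAY = 2 };

struct replay_state {
    uint32_t lastseq;              /* largest nonce value yet seen */
    uint32_t mask;                 /* bit i set => (lastseq - i) already seen */
};

/* Check one received sequence number; state changes only on acceptance. */
static enum verdict replay_check(struct replay_state *st, uint32_t seq)
{
    if (seq > st->lastseq) {                       /* new largest value */
        uint32_t shift = seq - st->lastseq;
        st->mask = (shift < WINDOW) ? (st->mask << shift) : 0;
        st->mask |= 1u;                            /* mark seq itself as seen */
        st->lastseq = seq;                         /* window slides forward */
        return ACCEPT;
    }
    uint32_t behind = st->lastseq - seq;           /* distance behind the edge */
    if (behind >= WINDOW)
        return REJECT_OLD;                         /* outside acceptance window */
    if (st->mask & (1u << behind))
        return REJECT_REPLAY;                      /* already seen: replay */
    st->mask |= 1u << behind;                      /* out of order but fresh */
    return ACCEPT;
}

/* Run a trace of n sequence numbers from a fresh state, storing each verdict. */
static void run_trace(const uint32_t *seqs, int n, enum verdict *out)
{
    struct replay_state st = { 0, 0 };
    for (int i = 0; i < n; i++)
        out[i] = replay_check(&st, seqs[i]);
}

int main(void)
{
    const uint32_t seqs[] = { 60, 80, 70, 70, 80, 48, 49 };  /* constructed trace */
    enum verdict v[7];
    run_trace(seqs, 7, v);
    for (int i = 0; i < 7; i++)
        printf("seq=%u verdict=%d\n", (unsigned)seqs[i], (int)v[i]);
    return 0;
}
```

In the constructed trace, 80 arriving after 60 moves lastseq to 80, the late 70 is accepted once and rejected when repeated, and 48 is rejected because it lies 32 behind the largest value and so falls outside the window.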

Conclusion 

This action is made non-final. 

Any inquiry concerning this communication or earlier communications from the examiner should 
be directed to Kevin Schubert whose telephone number is (571) 272-4239. The examiner can normally
be reached on M-F 7:30-6:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor,
Emmanuel Moise can be reached on (571) 272-3868. The fax phone number for the organization where 
this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent Application 
Information Retrieval (PAIR) system. Status information for published applications may be obtained from 
either Private PAIR or Public PAIR. Status information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) 
at 866-217-9197 (toll-free). 

EMMANUEL MOISE
SUPERVISORY PATENT EXAMINER 




